-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
127 lines (105 loc) · 4.32 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
FROM ruby:3.1 AS builder
RUN apt-get update && apt-get upgrade -y && apt-get install -y ca-certificates curl gnupg && \
mkdir -p /etc/apt/keyrings && \
curl -fsSL https://deb.nodesource.com/setup_18.x | bash - && \
curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \
apt-get update && apt-get install -y nodejs yarn \
build-essential \
postgresql-client \
p7zip-full \
libpq-dev && \
apt-get clean
# throw errors if Gemfile has been modified since Gemfile.lock
RUN bundle config --global frozen 1
WORKDIR /app
# Copy package dependencies files only to ensure maximum cache hit
COPY ./package-lock.json /app/package-lock.json
COPY ./package.json /app/package.json
COPY ./Gemfile /app/Gemfile
COPY ./Gemfile.lock /app/Gemfile.lock
RUN gem install bundler:$(grep -A 1 'BUNDLED WITH' Gemfile.lock | tail -n 1 | xargs) && \
bundle config --local without 'development test' && \
bundle install -j4 --retry 3 && \
# Remove unneeded gems
bundle clean --force && \
# Remove unneeded files from installed gems (cache, *.o, *.c)
rm -rf /usr/local/bundle/cache && \
find /usr/local/bundle/ -name "*.c" -delete && \
find /usr/local/bundle/ -name "*.o" -delete && \
find /usr/local/bundle/ -name ".git" -exec rm -rf {} + && \
find /usr/local/bundle/ -name ".github" -exec rm -rf {} + && \
# whkhtmltopdf has binaries for all platforms, we don't need them once uncompressed
rm -rf /usr/local/bundle/gems/wkhtmltopdf-binary-*/bin/*.gz && \
rm -f /usr/local/bundle/gems/seven_zip_ruby-1.3.0/lib/seven_zip_ruby/*.dll && \
# Remove additional unneded decidim files
find /usr/local/bundle/ -name "decidim_app-design" -exec rm -rf {} + && \
find /usr/local/bundle/ -name "spec" -exec rm -rf {} +
RUN npm ci
# copy the rest of files
COPY ./app /app/app
COPY ./bin /app/bin
COPY ./config /app/config
COPY ./db /app/db
COPY ./lib /app/lib
COPY ./packages /app/packages
COPY ./public/*.* /app/public/
COPY ./public/partners1 /app/public/partners1
COPY ./public/partners2 /app/public/partners2
COPY ./public/partners3 /app/public/partners3
COPY ./config.ru /app/config.ru
COPY ./Rakefile /app/Rakefile
COPY ./babel.config.json /app/babel.config.json
COPY ./postcss.config.js /app/postcss.config.js
# Compile assets with Webpacker or Sprockets
#
# Notes:
# 1. Executing "assets:precompile" runs "webpacker:compile", too
# 2. For an app using encrypted credentials, Rails raises a `MissingKeyError`
# if the master key is missing. Because on CI there is no master key,
# we hide the credentials while compiling assets (by renaming them before and after)
#
RUN mv config/credentials.yml.enc config/credentials.yml.enc.bak 2>/dev/null || true
RUN mv config/credentials config/credentials.bak 2>/dev/null || true
RUN RAILS_ENV=production \
SECRET_KEY_BASE=dummy \
RAILS_MASTER_KEY=0b809804a9de874fb0627b6cf5b6cada \
DB_ADAPTER=nulldb \
bin/rails assets:precompile
RUN mv config/credentials.yml.enc.bak config/credentials.yml.enc 2>/dev/null || true
RUN mv config/credentials.bak config/credentials 2>/dev/null || true
RUN rm -rf node_modules tmp/cache vendor/bundle test spec app/packs .git
# This image is for production env only
FROM ruby:3.1-slim AS final
RUN apt-get update && \
apt-get install -y postgresql-client \
imagemagick \
curl \
p7zip-full \
supervisor && \
apt-get clean
EXPOSE 3000
ENV RAILS_LOG_TO_STDOUT true
ENV RAILS_SERVE_STATIC_FILES true
ENV RAILS_ENV production
ARG RUN_RAILS
ARG RUN_SIDEKIQ
ARG COMMIT_SHA
ARG COMMIT_TIME
ARG COMMIT_VERSION
ENV COMMIT_SHA ${COMMIT_SHA}
ENV COMMIT_TIME ${COMMIT_TIME}
ENV COMMIT_VERSION ${COMMIT_VERSION}
# Add user
RUN addgroup --system --gid 1000 app && \
adduser --system --uid 1000 --home /app --group app
WORKDIR /app
COPY ./entrypoint.sh /app/entrypoint.sh
COPY ./supervisord.conf /etc/supervisord.conf
COPY --from=builder --chown=app:app /usr/local/bundle/ /usr/local/bundle/
COPY --from=builder --chown=app:app /app /app
USER app
HEALTHCHECK --interval=1m --timeout=5s --start-period=30s \
CMD (curl -sSH "Content-Type: application/json" -d '{"query": "{ decidim { version } }"}' http://localhost:3000/api) || exit 1
ENTRYPOINT ["/app/entrypoint.sh"]
CMD ["/usr/bin/supervisord"]